PT-2026-29045

Name of the Vulnerable Software and Affected Versions ZTE ZXHN H188A versions V6.0.10P2 TE through V6.0.10P3N3 TE Description An issue exists that allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface. These credentials...

CVE-2025-70998

UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script...

CVE-2023-53974

D-Link DSL-124 ME1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing...

EUVD-2014-3867

Malware in sbrugna...

EUVD-2015-8801

Malware in sbrugna...

PT-2024-3331 · D Link · D-Link Dir-845L

Name of the Vulnerable Software and Affected Versions: D-LINK DIR-845L versions =v1.01KRb03 Description: The issue is related to insufficient protection of internal data when handling the file parameter, potentially allowing a remote attacker to gain unauthorized access to protected information...

Cougar-LG Insecure File Path Vulnerability

Cougar-LG is a set of web applications written in Perl for connecting to a router or console. A security vulnerability exists in the lg.pl file in Cistron-LG 1.01. A remote attacker could use this vulnerability to obtain IP addresses and other router credentials...

CVE-2017-7315

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin...

Information Disclosure

github.com/openshift/origin is vulnerable to information disclosure. When a pod is used with the --credentials option is used, a local attacker can get private key information by reading the systemd journal. This is because when the --credential option is enabled, the router credentials are store...

Improper access control

lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials...

CVE-2014-3930

lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials...

CVE-2014-3930

CVE-2014-3930 concerns lg.pl in Cistron-LG 1.01, where sensitive information is stored under the web root with insufficient access controls. The issue enables remote attackers to obtain IP addresses and other router credentials. The vulnerability is described consistently across sources (NVD/CNVD...

Design/Logic Flaw

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal...

MTS MBlaze 3G Wi-Fi Modem Data Theft / Modification

Author: Ajin Abraham - xboz http://opensecurity.in Product MTS MBlaze 3G Wi-Fi Modem System Version 107 Manufacturer ZTE Model AC3633 import requests import os import urllib2 print "MTS MBlaze Ultra Wi-Fi / ZTE AC3633 Exploit" print "Vulnerabilities" print "Login Bypass | Router Credential Steali...